Skip Links

Network World

Brad Reese

How does Cisco IronPort prevent Directory Harvest Attacks (DHA)?

By Brad Reese on Mon, 02/02/09 - 1:55pm.

How a Directory Harvest Attack Works

Below, Tom Topping - director of federal operations for Cisco IronPort gives his take on how IronPort prevents Directory Harvest Attacks (from a Q&A featured on the Cisco NetPro Forum).

How does the IronPort prevent Directory Harvest Attacks?

Tom ToppingDirectories are harvested when a sender delivers thousands of common email recipient addresses to a domain; for example asmith@, bsmith@, csmith@, ajones@....... The attacker is seeking to understand which addresses DO NOT generate an Invalid Recipient Bounce. By knowing which addresses do not bounce the attacker knows which addresses are valid for that domain. Therefore in order to stop these attacks the IronPort does two things:

1. It validates the recipient email address, via an LDAP query, during the SMTP Conversation.
2. It counts the number of invalid recipients from each sender and stops responding after a configurable number of invalid recipients during each hour.

More questions and answers...

Does the IronPort Email Security Appliance support Authentication Mechanisms such as Domain Keys?

Yes, the IronPort Email Security Appliance authenticates received messages that are signed with SIDF, Domain Keys and DKIM. The appliances also can sign outbound messages with DKIM and Domain Keys.

How many real emails does the IronPort misclassify and stick into the Spam Bucket?

IronPort's advertised False Positive Rate is "Less Than One In One Million", IronPort customer actually experience far fewer False Positives than that. Effectively, the typical end-user behind an IronPort never experiences a false positive.

Does the IronPort Anti-Spam system have Centralized Management so that a change can be made to one systems and that change get propagated to the others?

Yes, the system does support Centralized Management. This is implemented on-system, without the need for an additional Centralized-Management appliance.

How many interfaces do the IronPort C-Series systems have?

The IronPort C160 has two network interfaces (copper 10/100/1000).
The IronPort C360, C660, X1060 all have three network interfaces (copper 10/100/1000).
The X1060 has a 4 x gigabit fiber option.

Read more about Directory Harvest Attacks.

View more info on the Cisco spam and virus blocker.

What's your take on how to prevent Directory Harvest Attacks?

Brad Reese
BradReese.Com Cisco Refurbished
Brad's Favorite Story Picks

  1. Used Cisco equals gypsies at a flea market
  2. Are these the real reasons for the fall of Nortel?
  3. Could Cisco EnergyWise kill the thriving secondary-market for Cisco equipment?
  4. Cisco to release new February 2009 edition of its famous product quick reference guide!
  5. HP ProCurve wrestles Cisco with new tag teams
  6. Cisco distributor says customers demanding HP ProCurve
  7. Nortel chief flying in corporate jet as company files for bankruptcy protection
  8. Padmasree Warrior as Obama choice for U.S. CTO: Huge win for Cisco, total disaster for America!
  9. Nortel employee severance payments frozen by bankruptcy
  10. Nortel employees speak out: Hopes of becoming multimillionaires dashed
  11. View Brad Reese on Cisco Story Archives

Cisco Repair

Refurbished Cisco

Cisco Power Supplies

New Cisco Equipment

True...

0
By Anon (not verified) on Mon, 02/02/2009 - 3:41pm.

We use Ironports and I can say without a doubt it is the best spam-protection i have ever used/seen, and I have seen most major vendors. The SenderBase Reputation Service works wonders! :)))

Appriciation

0
By Adam (not verified) on Mon, 05/25/2009 - 8:11am.

This is a wonderful opinion. The things mentioned are unanimous and needs to be appreciated by everyone. The above thought is smart and doesn’t require any further addition. It’s perfect thought from my side.
Adam
lawyer directory

Answer

0
By Sean (not verified) on Wed, 05/13/2009 - 11:45pm.

Well, it shocking and considered necessary and immediate attention to short out at the earlier.
-------------
Sean Cruz
Lawyer Directory

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Welcome, visitor. Register Log in
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished, which enables affordable Cisco networks globally by assuring customer satisfaction with guaranteed one year warranties on both Cisco Repair as well as Refurbished Cisco.

Don't be shy, contact Brad Reese online or call him Toll Free:

866-864-0506

International callers may wish to call Brad by dialing:

850-364-4115

Archives
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
A Clear Path to 100Gigabit Ethernet on the Alcatel-Lucent Service Router Portfolio
Allan Sulkin - founder and president of enterprise communications systems and applications consultancy - TEQConsult Group
Careers
Chambers and his Board of Dirctors urged Cisco shareholders to vote NO
China networking marketplace
Christian Brothers Investment Services notice
Cisco
Cisco F1Q10 earnings call
Cisco TelePresence
Cisco TelePresence revenue
Cisco engineer - Kevin Murphy
Cisco first quarter net product sales in emerging markets by fiscal year
Cisco has now become the target of unflattering employee reviews
Cisco is well known as being one of the best companies to work for
Cisco responds to the Dell’Oro Group Router Report 3Q09
Cisco stock chart for the last 10 years
Cisco's 1st Quarter Other Product Revenue By Fiscal Year
Cisco's F1Q10 earnings call
Cisco's Form 10-Q
Cisco's new Stock Incentive Plan as amended and restated
Cisco's upcoming annual stockholder's meeting
Data Center
Dave Donatelli - HP executive vice president and general manager of enterprise servers and networking
Dell’Oro Group's 3Q09 vs. 3Q08 SP Edge Router Revenue Market Shares
Did Cisco take its eye off the ball in emerging markets
Do you think Cisco can effectively compete against Huawei
FNF
Financial windfall for Cisco shareholders
Flexible NetFlow
Flip video camcorder
Flip video camcorder revenue
Gilbert Public School's $3.5 million network upgrade to HP
Gilbert Public Schools Board President - Thad Stump
Gilbert Public Schools assistant superintendent - Barb VeNard
Glassdoor.com is financially backed by 2 of the leading Silicon Valley venture capital firms - Benchmark Capital and Sutter Hill Ventures
HP also bid on the project
HP purchasing 3Com
HP's Converged Infrastructure strategy
HP's acquisition of 3Com
Huawei
John Chambers has had some good paydays as the CEO of Cisco
LANs / WANs
NBAD
NetFlow
NetFlow add-ons
Network Behavior Anomaly Detection
Network Management
Popular online career and workplace community - Glassdoor.com
ProCurve ONE alliance
Proposal submitted by Christian Brothers Investment Services
Proxy resolution during Cisco's annual meeting
SMB
Say on executive pay
Security
So how does one verify that Glassdoor's information is really from Cisco employees?
Software
Superintendent Dave Allison
TelePresence revenue
VoIP / Convergence
When Cisco used its common stock to buy Linksys and Pure Digital
Who's right about Cisco's work environment - Fortune or Glassdoor?
Wireless / Mobile
On The Web
Twitter